Security & Compliance

Information Security and Compliance is cardinal at vBridge Hub

At vBridge Hub, we are committed to safeguard our customer's data and other assets they share with us. Our customers depend on us to protect their resources. Thus, it is crucial for vBridge Hub to protect the security, availability and confidentiality of customer information.

To achieve this, we have defined the Information Security Policy for vBridge Hub and also published an Information Security Program based on the following pillars;

  1. Information Security Training
  2. Security Incident Management
  3. Vulnerability Management Policy
  4. Data Classification Policy
  5. Data Backup Policy
  • Data Retention Policy
  • Encryption Policy
  • Endpoint Security Policy
  • Physical Security Policy
  • Acceptable Use Policy

The Information Security Policy and policies stated above are presented to all new employees during onboarding, and all employees are required to read, review and acknowledge them.

Compliance & Certification

At vBridge Hub, we are committed to providing our Customers the confidence and trust required for them to successfully transact on our marketplace platform. We follow several security standards, regulations and applicable laws and use them to continuously develop our security policies, controls and procedures.

SOC 2 allows vBridge Hub to provide our Customers the confidence on the effectiveness of our internal security controls and safeguards to protect and secure Customers data and privacy.

vBridge Hub has successfully completed its SOC 2 examination with the guidance of a third-party consulting firm.

GDPR controls allows vBridge Hub to provide the required level of privacy protection and control for EU based employees, contractors, customers, and suppliers. Since all our Customers personal data is important we follow these controls for all EU and non-EU personal data.

vBridge Hub observes EU GDPR and continuously performs audits to ensure compliance.

Security Architecture

vBridge Hub maintains a multi-tier application security architecture. As depicted, the public internet facing tier only hosts the Web Application Firewall and Front End Client Application. Our API Gateways are safely protected behind the Web Application Firewall.

The Internal Application Services (Business Logic) is on a Private Subnet (Ephemeral) and only accessible through the API Gateways. All our databases are protected in a private subnet with restricted access, through security groups, from our Internal Application Services.


vBridge Hub provides industry standard authentication services that are secure and compliant.

Marketplace users are able to authenticate with vBridge Hub managed authentication service or through a single-sign-on experience using SAML or ADFS.

User access level is controlled via an authorization services on the basis of the user’s role and permission stored in vBridge Hub’s authorization database.


vBridge Hub ensures all data-in-transit over the internet between our users and the marketplace platform are encrypted using TLS 1.3.

For data-at-rest we use industry leading encryption standard, AES256, for both storage volume level and database level encryption.

In addition, backups are also stored in encrypted storage volumes.